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DETAILED ACTION 
Claim Objections 

1 . Claim 12 is objected to because of the following informalities: There are two 
claims with the reference number "12." Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

3. Claims 1-19 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Nachenberg (US pat 5,826,013). 

Regarding claim 1 , Nachenberg teaches a method of detecting a class of viral 
code, comprising: 

heuristically analyzing a subject file to generate a set of flags along with 
statistical information (col. 3 lines 37-53); 

using the set of flags with statistical information to perform at least one search for 
a scan string and/or a statement type in the subject file (col. 3 lines 37-53; col.1 1 lines 3- 
22); and 
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triggering a positive detection alarm if each of the at least one search is found at 
least a corresponding predetermined number of times (col.3 lines 44-46). 

Regarding claim 2, Nachenberg teaches the subject file includes source code in 
a predetermined programming language (col.3 lines 17-35). 

Regarding claim 3, Nachenberg teaches the predetermined programming 
language is a script language (col.5 lines 1 1-50). 

Regarding claim 4, Nachenberg teaches the subject file includes a file for a 
predetermined word processor (col.1 1 lines 35-53). 

Regarding claim 5, Nachenberg teaches at least one flag in the set of flags 
corresponds to a copy operation associated with one of the lass of viral code (col.1 lines 
18-241; col.3 lines 37-53). 

Regarding claim 6, Nachenberg teaches at least one flag in the set of flags 
corresponds to an operation for adding data from a string to a target module (col.5 lines 
11-50). 

Regarding claim 7, Nachenberg teaches at least one flag in the set of flags 
corresponds to an operation for importing another code (col.3 lines 37-53). 
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Regarding claim 8, Nachenberg teaches at least one flag in the set of flags 
corresponds to an operation for disabling virus protection features in a target application 
(col. 5 lines 5-8). 

Regarding claim 9, Nachenberg teaches the searched statement type 
corresponds to an operation for disabling functionalities in a target application (col.4 line 
66 thru col.5 line 10). 

Regarding claim 10 (claim 12 as written), Nachenberg teaches the searched 
statement type corresponds to an operation for overwriting system macros (col.4 lines 
3-14). 

Claim 1 1 is a program storage device claim that is substantially equivalent to 
method claim 1 , therefore claim 1 1 is rejected for the same reasons. 

Claim 12 is a system claim that is substantially equivalent to method claim 1 , 
therefore claim 12 is rejected for the same reasons. 

Claim 13 is a computer data signal claim that is substantially equivalent to 
method claim 1, therefore claim 13 is rejected for the same reasons. 
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Claim 14 is an apparatus claim that is substantially equivalent to method claim 1 , 
therefore claim 14 is rejected for the same reasons. 

Regarding claim 15, Nachenberg teaches the heuristic analyzer is rule-based 
and comprises a heuristic engine and heuristic rules (col.1 lines 63-67; col. 10 lines 28- 
43). 

Regarding claim 16, Nachenberg teaches the heuristics engine, using the 
heuristic rules, parses the subject file (col.1 lines 63-67; col. 3 lines 1-24; col. 10 lines 28- 
43). 

Regarding claim 17, Nachenberg teaches the heuristic rules include sets of 
heuristic flags stored in a rules table (col. 3 lines 9-23). 

Regarding claim 18, Nachenberg teaches the search component is rule-based 
and comprises a search engine and viral code class rules (col. 3 lines 1-23; col.4 lines 
23-41). 

Regarding claim 19, Nachenberg teaches the search component is a neural 
network (fig. 2; col. 6 line 41 thru col.7 line 8). 



Conclusion 
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Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tremayne M. Norris whose telephone number is (571) 
272-3874. The examiner can normally be reached on M-F 7:30AM-5:00PM alternate 
Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Andrew Caldwell can be reached on (571) 272-3868. The fax phone 
number for the organization where this application or proceeding is assigned is 703- 
872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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